SSL handshake failed
-
Recently some pages fail to load in Vivaldi stable release on Linux. On Vivaldi for Android there is no such problem, these sites load fine. Some weeks ago they worked fine on previous versions of Vivaldi.
The page is loading for 10-20 seconds then I get an error page saying "ERR_CONNECTION_CLOSED".
In the log I see:
[384724:384735:0514/114527.214566:ERROR:ssl_client_socket_impl.cc(879)] handshake failed; returned -1, SSL error code 1, net_error -100
I tried with a clean profile without extensions, same problem.
Some example sites that fail:
https://smartshake.com
https://flirc.tv
https://www.pannonborbolt.hu
-
@cuh7b5 All ok on Debian 12 KDE for me.
-
@cuh7b5 Please check your router if that filters.
-
@cuh7b5
Hi, loads fine on openSUSE, but I guess it is more of a network issue.
Do you use DNS default settings in Vivaldi?
Is the mobile in the same network?
-
@cuh7b5 Connection closed means just that, and it was likely either the web site doing it, or a firewall/router somewhere. In the latter case, your problem will likely be ISP-caused, which would explain why your mobile device does not have the issue since it is normally running connection through a different ISP (tests you may run: 1) Connect the device to your wi-fi, 2) use your device as a network sharing for the main PC; in 1 you will probably get a failure, in 2 it should work, and if so, the problem is either your firewall, or your ISP).
-
Connecting my desktop to the mobile network via wifi tethering the pages load fine. So yes, this should be router or ISP related. I don't think that my router filters webpages, I haven't set up such firewall rules. So I will call my ISP.
Strange thing is that Firefox opens some of these pages even on my ISP's network. Some pages fail on Firefox, too. Chromium, Vivaldi, Brave fail to open all of them.
If I connect my mobile via wifi to the same LAN and turn off mobile data usage to ensure that I am routed to the same ISP the pages still load fine on my mobile. I don't really get it.
-
According to this:
disabling the "TLS 1.3 hybridized Kyber support" chromium flag solved my problem. At least temporarily. The article above says that this policy will be removed in the future.
I don't really understand what this article is about and it is still strange that problematic web pages open on some networks or devices and fail on others. After disabling this Kyber support feature they open fine.
-
@cuh7b5 Chromium is experimenting with post-Quantum TLS encryption, and has been doing so for a while.
One issue is that various intermediary routers, firewalls, etc. implement "security filtering" at the protocol level and enforce their own (very restrictive) reading of what is "legal" in TLS, and frequently break completely valid protocol messages. This was a serious issue when updating from TLS 1.1 to TLS 1.2, the use of various TLS Extensions (I had to add a LOT of workarounds in the old Opera 12 Presto code to get things to work), and then to TLS 1.3 (In fact, AFAIK parts of the design of that version of the protocol were based on being able to avoid those gateways blocking the protocols).
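
Added example, not part of the thread and not Vivaldi or Chromium code: a small Python parser for the "handshake failed" log line quoted in the first post, which separates handshakes that ended at the transport level (closed, reset, timed out) from ones rejected by a TLS-level error. The two lookup tables are partial subsets of Chromium's net error list and of the SSL_get_error() values, and the second sample line is constructed for illustration.

```python
import re

# Chromium log prefix: [pid:tid:MMDD/HHMMSS.usec:LEVEL:file(line)] message
LINE_RE = re.compile(
    r"\[(?P<pid>\d+):(?P<tid>\d+):(?P<date>\d{4})/(?P<time>\d{6}\.\d+):"
    r"(?P<level>[A-Z]+):(?P<src>[\w.]+)\((?P<srcline>\d+)\)\]\s*"
    r"handshake failed; returned (?P<ret>-?\d+), "
    r"SSL error code (?P<ssl>\d+), net_error (?P<net>-?\d+)"
)

# Partial subset of Chromium's net error codes (net_error_list.h).
NET_ERRORS = {
    -100: "ERR_CONNECTION_CLOSED",
    -101: "ERR_CONNECTION_RESET",
    -107: "ERR_SSL_PROTOCOL_ERROR",
    -113: "ERR_SSL_VERSION_OR_CIPHER_MISMATCH",
    -118: "ERR_CONNECTION_TIMED_OUT",
}
# Partial subset of the OpenSSL/BoringSSL SSL_get_error() values.
SSL_ERRORS = {1: "SSL_ERROR_SSL", 5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN"}

# Codes where the connection itself ended before the handshake completed.
TRANSPORT = {-100, -101, -118}

def parse_handshake_failures(text):
    """Return one dict per 'handshake failed' entry found anywhere in text."""
    out = []
    for m in LINE_RE.finditer(text):
        net = int(m["net"])
        out.append({
            "pid": int(m["pid"]),
            "time": m["time"],
            "source": f'{m["src"]}:{m["srcline"]}',
            "ssl_error": SSL_ERRORS.get(int(m["ssl"]), f'unknown({m["ssl"]})'),
            "net_error": NET_ERRORS.get(net, f"unknown({net})"),
            "kind": "transport" if net in TRANSPORT else "tls",
        })
    return out

# First entry is the line from the first post (with the prose that was pasted
# directly after it); the second entry is constructed for comparison.
SAMPLE = (
    "[384724:384735:0514/114527.214566:ERROR:ssl_client_socket_impl.cc(879)] "
    "handshake failed; returned -1, SSL error code 1, net_error -100I tried with\n"
    "[384724:384735:0514/114530.000001:ERROR:ssl_client_socket_impl.cc(879)] "
    "handshake failed; returned -1, SSL error code 1, net_error -113\n"
)

if __name__ == "__main__":
    for row in parse_handshake_failures(SAMPLE):
        print(row)
```

A "transport" result says only that the connection ended mid-handshake; it does not identify whether the server or a device on the path ended it.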